X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=src%2Fanalysisd%2Fdecoders%2Fdecoder.c;h=b5cb30332d85abf160a5d61162e8ca1220883c40;hb=refs%2Fheads%2Fupstream;hp=65878178abf7d35d3f7ef24b4757c551c9e61a32;hpb=914feba5d54f979cd5d7e69c349c3d01f630042a;p=ossec-hids.git
diff --git a/src/analysisd/decoders/decoder.c b/src/analysisd/decoders/decoder.c
index 6587817..b5cb303 100755
--- a/src/analysisd/decoders/decoder.c
+++ b/src/analysisd/decoders/decoder.c
@@ -1,18 +1,19 @@
-/* @(#) $Id: decoder.c,v 1.42 2009/06/24 17:06:23 dcid Exp $ */
+/* @(#) $Id: ./src/analysisd/decoders/decoder.c, 2011/09/08 dcid Exp $
+ */
 /* Copyright (C) 2009 Trend Micro Inc.
  * All rights reserved.
  *
  * This program is a free software; you can redistribute it
  * and/or modify it under the terms of the GNU General Public
- * License (version 3) as published by the FSF - Free Software
+ * License (version 2) as published by the FSF - Free Software
  * Foundation.
  *
- * License details at the LICENSE file included with OSSEC or
+ * License details at the LICENSE file included with OSSEC or
  * online at: http://www.ossec.net/en/licensing.html
  */
-
+
 #include "shared.h"
 #include "os_regex/os_regex.h"
 #include "os_xml/os_xml.h"
@@ -49,10 +50,13 @@ void DecodeEvent(Eventinfo *lf)
     #ifdef TESTRULE
-    print_out("\n**Phase 2: Completed decoding.");
-    #endif
+    if(!alert_only)
+    {
+        print_out("\n**Phase 2: Completed decoding.");
+    }
+    #endif
-    do
+    do
     {
         nnode = node->osdecoder;
@@ -60,7 +64,7 @@ void DecodeEvent(Eventinfo *lf)
         /* First checking program name */
         if(lf->program_name)
         {
-            if(!OSMatch_Execute(lf->program_name, lf->p_name_size,
+            if(!OSMatch_Execute(lf->program_name, lf->p_name_size,
                                 nnode->program_name))
             {
                 continue;
@@ -84,12 +88,12 @@ void DecodeEvent(Eventinfo *lf)
         #ifdef TESTRULE
-        print_out(" decoder: '%s'", nnode->name);
-        #endif
-
+        if(!alert_only)print_out(" decoder: '%s'", nnode->name);
+        #endif
+
         lf->decoder_info = nnode;
-
+
         child_node = node->child;
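Review bot: The guard added in the @@ -84 hunk, `if(!alert_only)print_out(" decoder: '%s'", nnode->name);`, is a braceless one-liner with no space after the condition, while the @@ -49 hunk a few lines earlier in the same function wraps the identical kind of guard in braces; the braced form used at @@ -49 should be used here too, and the same braceless pattern is repeated in every *_FP function of the @@ -283 hunk. `alert_only` is not declared in any visible hunk, so it is presumably a file- or project-level flag set by the test harness; a one-line comment at its declaration noting that it is only consulted inside `#ifdef TESTRULE` blocks would help the next reader. DecodeEvent's body starts before the @@ -49 hunk and continues past the @@ -84 hunk.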
@@ -118,7 +122,7 @@ void DecodeEvent(Eventinfo *lf)
                 {
                     char *llog;
-                    /* If we have an offset set, use it */
+                    /* If we have an offset set, use it */
                     if(nnode->prematch_offset & AFTER_PARENT)
                     {
                         llog = pmatch;
@@ -159,7 +163,7 @@ void DecodeEvent(Eventinfo *lf)
                         return;
                     child_node = child_node->next;
-                    nnode = NULL;
+                    nnode = NULL;
                 }
                 else
                 {
@@ -181,8 +185,8 @@ void DecodeEvent(Eventinfo *lf)
                 nnode->plugindecoder(lf);
                 return;
             }
-
-
+
+
             /* Getting the regex */
             while(child_node)
             {
@@ -269,13 +273,16 @@ void DecodeEvent(Eventinfo *lf)
             }
             /* ok to return */
-            return;
+            return;
         }while((node=node->next) != NULL);
     #ifdef TESTRULE
-    print_out(" No decoder matched.");
+    if(!alert_only)
+    {
+        print_out(" No decoder matched.");
+    }
     #endif
-
+
 }
@@ -283,115 +290,115 @@ void DecodeEvent(Eventinfo *lf)
 void *DstUser_FP(Eventinfo *lf, char *field)
 {
     #ifdef TESTRULE
-    print_out(" dstuser: '%s'", field);
+    if(!alert_only)print_out(" dstuser: '%s'", field);
     #endif
-
+
     lf->dstuser = field;
     return(NULL);
 }
 void *SrcUser_FP(Eventinfo *lf, char *field)
 {
     #ifdef TESTRULE
-    print_out(" srcuser: '%s'", field);
+    if(!alert_only)print_out(" srcuser: '%s'", field);
     #endif
-
+
     lf->srcuser = field;
     return(NULL);
 }
 void *SrcIP_FP(Eventinfo *lf, char *field)
 {
     #ifdef TESTRULE
-    print_out(" srcip: '%s'", field);
+    if(!alert_only)print_out(" srcip: '%s'", field);
     #endif
-
+
     lf->srcip = field;
     return(NULL);
 }
 void *DstIP_FP(Eventinfo *lf, char *field)
 {
     #ifdef TESTRULE
-    print_out(" dstip: '%s'", field);
+    if(!alert_only)print_out(" dstip: '%s'", field);
     #endif
-
+
     lf->dstip = field;
     return(NULL);
 }
 void *SrcPort_FP(Eventinfo *lf, char *field)
 {
     #ifdef TESTRULE
-    print_out(" srcport: '%s'", field);
+    if(!alert_only)print_out(" srcport: '%s'", field);
     #endif
-
+
     lf->srcport = field;
     return(NULL);
 }
 void *DstPort_FP(Eventinfo *lf, char *field)
 {
     #ifdef TESTRULE
-    print_out(" dstport: '%s'", field);
+    if(!alert_only)print_out(" dstport: '%s'", field);
     #endif
-
+
     lf->dstport = field;
     return(NULL);
 }
 void *Protocol_FP(Eventinfo *lf, char *field)
 {
     #ifdef TESTRULE
-    print_out(" proto: '%s'", field);
+    if(!alert_only)print_out(" proto: '%s'", field);
     #endif
-
+
     lf->protocol = field;
     return(NULL);
 }
 void *Action_FP(Eventinfo *lf, char *field)
 {
     #ifdef TESTRULE
-    print_out(" action: '%s'", field);
+    if(!alert_only)print_out(" action: '%s'", field);
     #endif
-
+
     lf->action = field;
     return(NULL);
 }
 void *ID_FP(Eventinfo *lf, char *field)
 {
     #ifdef TESTRULE
-    print_out(" id: '%s'", field);
+    if(!alert_only)print_out(" id: '%s'", field);
     #endif
-
+
     lf->id = field;
     return(NULL);
 }
 void *Url_FP(Eventinfo *lf, char *field)
 {
     #ifdef TESTRULE
-    print_out(" url: '%s'", field);
+    if(!alert_only)print_out(" url: '%s'", field);
     #endif
-
+
     lf->url = field;
     return(NULL);
 }
 void *Data_FP(Eventinfo *lf, char *field)
 {
     #ifdef TESTRULE
-    print_out(" extra_data: '%s'", field);
+    if(!alert_only)print_out(" extra_data: '%s'", field);
     #endif
-
+
     lf->data = field;
     return(NULL);
 }
 void *Status_FP(Eventinfo *lf, char *field)
 {
     #ifdef TESTRULE
-    print_out(" status: '%s'", field);
+    if(!alert_only)print_out(" status: '%s'", field);
     #endif
-
+
     lf->status = field;
     return(NULL);
 }
 void *SystemName_FP(Eventinfo *lf, char *field)
 {
     #ifdef TESTRULE
-    print_out(" system_name: '%s'", field);
+    if(!alert_only)print_out(" system_name: '%s'", field);
     #endif
     lf->systemname = field;